Google Chrome Takes Steps Towards a More Secure Web in 2017

Most of us browse the web under the assumption that where we go, the sites we visit, the search terms we use, the time we spend on any site, as well as purchases we make, are private. Many are not, allowing third parties to view, collect, and repurpose any and all user data extracted from sites that are not encrypted. Additionally, whenever users access a non-secured site, those unknown third parties can also review or modify the site before it opens on your screen, replacing real content with bogus messaging, images, etc.

How can users identify sites that are secure from those which are not? Websites that are secure will begin their URL with “HTTPS:” Sites that are not encrypted start their URLs with “HTTP:” But who looks at a website’s URL when we are shopping online? Or click on a link for more information? Beginning in January, 2017, Google Chrome, the popular web browser, will begin to roll out new connection security measures aimed at informing web users when they are on a non-encrypted website. Not only will this enable web users to make more informed decisions when using the internet, but also encourage more websites to better serve their clients and customers by establishing a secure socket to protect themselves and their visitors from potential security breaches and fraud.

Security Measures to Influence Ecommerce to Take Action

Next month, Google Chrome will begin labeling HTTP connections as “non-secure”. On the public side, site visitors will see this message when they log in:

The icon and text that reads “Not secure” informs users as to the site’s security, and their vulnerability to third parties, and enables them to make a decision as to whether they will continue to a site where their actions may be a matter of third party record. This proposed update is expected to promote more online businesses to upgrade to secure socket sites that encrypt user data, making it more difficult for third-parties to hijack data for their own purposes, including logins and credit card information.

Google expects that the proposed enhanced-security rollout will influence online businesses who have been encryption stragglers to take action. To date, Google has stated, a substantial portion of web traffic has transitioned to HTTPS, and its usage is ever-increasing. As a step to affect greater compliance, Google expects the measure to be successful and cites that since an initial report 11 months ago, 12 more of the top 100 websites (by number of users) have transitioned their serving default from HTTP to HTTPS. (Author: it is not known how many of these top 100 sites are encrypted, only that 12 have transitioned to HTTPS in 2016.)

Following this rollout, Google intends to extend HTTP warnings by labelling these pages as “Not Secure” while users are in Incognito Mode (where there is presumed to be a greater sense of privacy). Eventually all non-secure pages will be labelled as such, the goal is to provide maximum security as part of an enhanced, issue-free, user experience.

Active Web Group designs, builds and maintains websites utilizing the latest techniques and technologies to ensure web security for our clients’ businesses. For more information and a confidential consultation, contact us at (800) 978-3417.